Gnu Binutils vulnerabilities

CVE-2017-17122 [HIGH] CWE-190 CVE-2017-17122: The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc cou The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.

CVE-2017-17125 [HIGH] CWE-125 CVE-2017-17125: nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote atta nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVE-2017-17123 [MEDIUM] CWE-476 CVE-2017-17123: The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka l The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.

CVE-2017-17080 [MEDIUM] CWE-125 CVE-2017-17080: elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29. elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbs

CVE-2017-16832 [HIGH] CWE-190 CVE-2017-16832: The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbf The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impa

CVE-2017-16831 [HIGH] CWE-190 CVE-2017-16831: coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2 coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

CVE-2017-16826 [HIGH] CWE-119 CVE-2017-16826: The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka li The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

CVE-2017-16828 [HIGH] CWE-190 CVE-2017-16828: The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

CVE-2017-16827 [HIGH] CWE-119 CVE-2017-16827: The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka l The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVE-2017-16830 [HIGH] CWE-190 CVE-2017-16830: The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overf The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVE-2017-16829 [HIGH] CWE-125 CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) l The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted

CVE-2017-15996 [HIGH] CWE-119 CVE-2017-15996: elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (exce elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, pr

CVE-2017-15938 [HIGH] CWE-119 CVE-2017-15938: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2. dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).

CVE-2017-15939 [MEDIUM] CVE-2017-15939: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2. dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete

CVE-2017-15225 [MEDIUM] CWE-772 CVE-2017-15225: _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

CVE-2017-15020 [HIGH] CWE-125 CVE-2017-15020: dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2. dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-base

CVE-2017-15021 [MEDIUM] CWE-125 CVE-2017-15021: bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as d bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.

CVE-2017-15025 [MEDIUM] CWE-369 CVE-2017-15025: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distribute decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.

CVE-2017-15023 [MEDIUM] CWE-476 CVE-2017-15023: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

CVE-2017-15022 [MEDIUM] CWE-476 CVE-2017-15022: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2. dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbol